aboutsummaryrefslogtreecommitdiff
path: root/doc/todo/inband_acl_data.mdwn
blob: 02b06245d0e7c1a21f9759dc765babc5046f0772 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
it [[!tag wishlist]] would be nice to have acls that get their data from wiki pages.

a particular use case is the [debienna wiki](http://debienna.at/) (our local
debian usergroup), where there are few admins, but everyone who has been
granted edit rights to the wiki should be allowed to allow other people in.
those people can register their accounts on their own, but may only write to a
dedicated page where they request write privileges.

the setup file should look like this:

    locked_pages: '!PleaseClearForEditing and !user_in_page(DebiennaGroup)'

and DebiennaGroup would contain

    * \[[chrysn]]
    * \[[albert]]
    * \[[rhonda]]

etc.

a suggested implementation is published on
`git://prometheus.amsuess.com/ikiwiki-plugins` and is short enough to be quoted
here:

<!-- don't copy/paste from here, clone the git or copy/paste from the ikiwiki rendered version, i had to scape [ -->

    #!/usr/bin/perl
    # Ikiwiki "user_in_page" pagespec
    # 
    # The pagespec user_in_page(some_page) returns success if the currently logged
    # in user is mentioned in a wikilink on some_page (which might be relative to
    # the currently active page, which allows per-directory restrictions).
    #
    # To be precise, the string \[[${USERNAME}]] has to be present in the some_page
    # source file.
    
    package IkiWiki::Plugin::user_in_page;
    
    package IkiWiki::PageSpec;
    
    sub match_user_in_page ($$;@) {
    	my $page=shift;
    	my $userlistpage=shift;
    	my %params=@_;
    	my $user=$params{user};
    
    	# this is relative to page, but this is intentional
    	my $userlistpagename = IkiWiki::bestlink($page, $userlistpage);
    
    	# FIXME: pagesources seems not to be defined in do=edit
    	my $userlistpagefile = "$userlistpagename/index.mdwn";
    
    	my $userlistpagedata = IkiWiki::readfile(IkiWiki::srcfile($userlistpagefile));
    
    	if ($userlistpagedata =~ /\Q\[[$user]]\E/ ) {
    		return IkiWiki::SuccessReason->new("User $user is listed in $userlistpagename");
    	} else {
    		return IkiWiki::FailReason->new("User $user is not listed in $userlistpagename");
    	}
    }
    
    1

before i complete this as a proposed plugin, i'd like to know

* if you have better ideas to check for the delimited user name than the
  \[[$user]] scheme?

* i had to manually expand `$pagename` to `$pagename/index.mdwn` as
  %pagesources seems to be empty in the context of `?do=edit`. how is this
  supposed to work?

--[[chrysn]]

> Just for the record, this seems to be a special case of [[todo/per_page_ACLs/]]. -- [[anarcat]]